Documentation - Blacklisting

Overview

Refract DNS provides two methods of blacklisting domains. The first is to create records in the Refract DNS Manager, as detailed in the Records documentation. This method is intended for cases where the user wants to be able to enable and disable individual blacklistings, not for bulk blacklisting.

To avoid having to enter thousands of records, Refract DNS provides a method of listing blacklisted domains in bulk by placing files containing blacklisted domains in the %Install Folder%\Data\Blacklist directory. The file must be in a specific format which is detailed below.

Refract DNS only reads files from the blacklist directory when the service is started. If a file is added or changed in the directory then the Refract DNS Windows Service must be restarted. This can be done from the Control Panel.

Domains defined in blacklist files will not appear in the Refract DNS Manager.

Publicly Available Files

There are many publicly available lists of blacklisted domains; a few examples can be found in this documentation. Where we provide examples, Refract DNS is not endorsing the list, and the user should make their own assessment of how safe a list is to use.

Most publicly available blacklists define the domain to be blocked and an IP address to return. For security, Refract DNS ignores the IP addresses specified in the file and instead uses the IP address specified in the application Settings. This removes the risk of traffic being redirected to an unknown IP by a bad entry in a blacklist file.

File Types

Refract DNS supports the following file formats:

Refract DNS File

File Extension: rdns (example.rdns)

The Refract DNS file type allows a user to specify both fully qualified domains and wildcard domains:

    # Refract DNS File Example

    021.moro.tv
    *.00go.com

When using the Refract DNS file format no IP address needs to be added. Both A and AAAA record requests will be blacklisted.

Domains defined without a leading '*.' will be considered fully qualified. For example 021.moro.tv will blacklist only 021.moro.tv. The line *.00go.com will blacklist the following domains:

  • 00go.com
  • sub.00go.com
  • sub.sub.00go.com

The following apply to this file format:

  • File extension must be rdns.
  • Only one domain per line.
  • Lines that start with a '#' are treated as comments.
  • Entries that start with '*.' are considered wildcard entries.

Host File

File Extension: host (example.host)

This is the same format as the Windows Hosts file and must contain IP and Domain pairs:

    # Host File Blacklist Example

    0.0.0.0 019201.webcindario.com
    :: 019201.webcindario.com
    0.0.0.0 01bvxp4ze2.bradul.creatory.org
    :: 01bvxp4ze2.bradul.creatory.org
    0.0.0.0 020.moro.tv
    :: 020.moro.tv
    0.0.0.0 021.moro.tv
    :: 021.moro.tv

The following apply to this file format:

  • File extension must be host.
  • Only one domain and IP pair per line. Multiple domains defined on the same line are not supported.
  • Lines that start with a '#' are treated as comments.
  • Domains in this file type are considered fully qualified domains.

An example of this file format can be found on GitHub. This file is not supplied by Refract DNS and users should make their own security assessment of the file.

DNSMASQ

File Extension: dnsm (example.dnsm)

This file format is used by DNSMASQ:

    # DNSMASQ File Example

    address=/00game.net/0.0.0.0
    address=/00game.net/::
    address=/00go.com/0.0.0.0
    address=/00go.com/::
    address=/00h10.com/0.0.0.0
    address=/00h10.com/::
    address=/00it.com/0.0.0.0

Domains in this file format are considered to be wildcard domains. For example, the line address=/00go.com/:: will blacklist the domain itself and all subdomains, so the following domains will be blacklisted:

  • 00go.com
  • sub.00go.com
  • sub.sub.00go.com

The following apply to this file format:

  • File extension must be dnsm.
  • Only one domain and IP pair per line.
  • Lines that start with a '#' are treated as comments.
  • Entries must be defined in the format address=/{domain}/{ip}.

An example of this file format can be found on GitHub. This file is not supplied by Refract DNS and users should make their own security assessment of the file.
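A pre-flight check for list files before they are copied into the Blacklist directory and the service is restarted, applying the format rules described above. This is an added example, not Refract DNS's own code; the function names, the strict rejection of malformed lines and the sample data are assumptions.

```python
import ipaddress

def parse_blacklist(text, ext):
    """Parse one blacklist file; return (exact, wildcard, rejected_lines)."""
    exact, wildcard, rejected = set(), set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        try:
            if ext == "rdns":                     # bare domain or *.domain
                wild = line.startswith("*.")
                name = line[2:] if wild else line
            elif ext == "host":                   # "<ip> <domain>", exactly one pair
                ip, name = line.split()
                ipaddress.ip_address(ip)          # validated, then discarded
                wild = False
            elif ext == "dnsm":                   # address=/<domain>/<ip>
                if not line.startswith("address=/"):
                    raise ValueError("not an address= entry")
                name, ip = line[len("address=/"):].split("/")
                ipaddress.ip_address(ip)          # validated, then discarded
                wild = True
            else:
                raise ValueError("unsupported extension")
            name = name.lower().rstrip(".")
            if len(name.split()) != 1 or "*" in name:
                raise ValueError("malformed domain")
        except ValueError:
            rejected.append((lineno, raw))        # assumption: report, don't load
            continue
        (wildcard if wild else exact).add(name)
    return exact, wildcard, rejected

def is_blacklisted(qname, exact, wildcard):
    """Exact match, or any label-aligned suffix of qname is a wildcard entry."""
    q = qname.lower().rstrip(".")
    labels = q.split(".")
    return q in exact or any(".".join(labels[i:]) in wildcard
                             for i in range(len(labels)))

# Constructed sample: the second entry carries a non-null redirect IP.
SAMPLE_HOST = "# constructed\n0.0.0.0 020.moro.tv\n203.0.113.7 login.example.test\n"

if __name__ == "__main__":
    exact, wildcard, rejected = parse_blacklist(SAMPLE_HOST, "host")
    print(sorted(exact), rejected)  # only names are kept; the listed IPs are dropped
```

Reviewing the rejected lines before deployment shows which entries of a third-party list do not fit the documented format.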
